lib: implement safe alternatives to Promise static methods
#43728
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Review requested:
|
nodejs-github-bot
added
esm
aduh95
changed the title
Promise static methods
aduh95
changed the title
Promise static methodsPromise static methods
benjamingr
approved these changes
Jul 8, 2022
|
Actually I see this is already scoped to discussing primordials in modules so I guess that's fine and no need to re-hash the "they make contributions harder, introduce perf regressions, confuse new contributors" etc discussions. I just want to add that tamper-proofedness requires formal proof to be meaningful IMO (which afaik we haven't done), turning off known side channels (namely the JIT and concurrent GC) etc. |
Qard
approved these changes
Jul 8, 2022
aduh95
added
author ready
github-actions
bot
removed
the
request-ci
legendecas
approved these changes
Jul 8, 2022
21 tasks
20 tasks
aduh95
added
commit-queue
nodejs-github-bot
removed
the
commit-queue
|
Landed in 3fb5784 |
This was referenced Jul 10, 2022
targos
pushed a commit
that referenced
this pull request
Jul 12, 2022
PR-URL: #43728 Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com> Reviewed-By: Stephen Belanger <admin@stephenbelanger.com> Reviewed-By: Chengzhong Wu <legendecas@gmail.com>
targos
pushed a commit
that referenced
this pull request
Jul 31, 2022
PR-URL: #43728 Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com> Reviewed-By: Stephen Belanger <admin@stephenbelanger.com> Reviewed-By: Chengzhong Wu <legendecas@gmail.com>
Fyko
pushed a commit
to Fyko/node
that referenced
this pull request
Sep 15, 2022
PR-URL: nodejs#43759 Refs: nodejs#43728 Reviewed-By: Feng Yu <F3n67u@outlook.com>
guangwong
pushed a commit
to noslate-project/node
that referenced
this pull request
Oct 10, 2022
PR-URL: nodejs/node#43728 Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com> Reviewed-By: Stephen Belanger <admin@stephenbelanger.com> Reviewed-By: Chengzhong Wu <legendecas@gmail.com>
guangwong
pushed a commit
to noslate-project/node
that referenced
this pull request
Oct 10, 2022
PR-URL: nodejs/node#43759 Refs: nodejs/node#43728 Reviewed-By: Feng Yu <F3n67u@outlook.com>
alan-agius4
added a commit
to alan-agius4/universal
that referenced
this pull request
Oct 26, 2022
…led on incompatible receiver error Prerendering does not work when using Node.js versions that contain the following commit nodejs/node#43728 due to `loadesm` is now using `SafePromiseAll` which is not handled properly by zone.js. With this chage we introduce a workaround until it's fix upstream.
alan-agius4
added a commit
to alan-agius4/universal
that referenced
this pull request
Oct 26, 2022
…led on incompatible receiver error Prerendering does not work when using Node.js versions that contain the following commit nodejs/node#43728 due to `loadesm` is now using `SafePromiseAll` which is not handled properly by zone.js. With this chage we introduce a workaround until it's fix upstream.
alan-agius4
added a commit
to alan-agius4/universal
that referenced
this pull request
Oct 27, 2022
…led on incompatible receiver error Prerendering does not work when using Node.js versions that contain the following commit nodejs/node#43728 due to `loadesm` is now using `SafePromiseAll` which is not handled properly by zone.js.
alan-agius4
added a commit
to alan-agius4/universal
that referenced
this pull request
Oct 27, 2022
…led on incompatible receiver error Prerendering does not work when using Node.js versions that contain the following commit nodejs/node#43728 due to `loadesm` is now using `SafePromiseAll` which is not handled properly by zone.js.
alan-agius4
added a commit
to angular/universal
that referenced
this pull request
Oct 27, 2022
…led on incompatible receiver error Prerendering does not work when using Node.js versions that contain the following commit nodejs/node#43728 due to `loadesm` is now using `SafePromiseAll` which is not handled properly by zone.js.
alan-agius4
added a commit
to angular/universal
that referenced
this pull request
Oct 27, 2022
…led on incompatible receiver error Prerendering does not work when using Node.js versions that contain the following commit nodejs/node#43728 due to `loadesm` is now using `SafePromiseAll` which is not handled properly by zone.js. (cherry picked from commit b7dbc25)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Alternative to #38843, but restricted to the changes related to the ESM implementation since it's easier to get consensus regarding whether we want tamperproofness on that part of the code base. /cc @nodejs/modules @nodejs/loaders
Promise static methods that iterate over the provided argument (
%Promise.all%,%Promise.any%, ...) look up thethenproperty over each promise to support promise subclassing. This PR is introducingSafePromiseAll,SafePromiseAny, etc. that take an array, safely iterate over it, and wrap each promise in aSafePromise(whose prototype is not accessible from userland) and wrap the resultingSafePromisein a classicPromiseto make the operation transparent from userland.